Rewrite token formatter engine

cassh.sh

@@ -45,53 +45,50 @@ get_ca_sk_comment_from_pk()
 	}
 }
 
-_template_fmt()
+format()
 {
-	_allowed_chars=$1
-	_char=$2
-	if [ "X$_char" = X% ]; then
-		echo %
-		return $?
-	fi
+	_s=$1
+	shift
 
-	case $_char in
-	[$_allowed_chars])
-		;;
-	*)
-		return 1
-		;;
-	esac
-
-	_v=$(eval echo '${_template_fmt_'"$_char"':-}')
-	if [ -z "$_v" ]; then
+	_cleanup=unset
+	while [ $# -ge 2 ]; do
+		_k=$1 _v=$2
+		shift 2
+		case $_k in
+		[A-Za-z])
+			;;
+		*)
+			return 1
+			;;
+		esac
+		eval "_token_${_k}=\$_v"
+		_cleanup=$_cleanup" _token_${_k}"
+	done
+	if [ $# -ne 0 ]; then
 		return 1
 	fi
 
-	echo "$_v"
-}
-
-template()
-{
-	_allowed=$1
-	_s=$2
 	_out=
-
 	while [ "${_s#*%}" != "$_s" ]; do
 		_t=${_s#*%}
 		_out=$_out${_s%"%"$_t}
 		_s=$_t
 		_c=${_s%${_s#?}}
 
-		_t=$(_template_fmt "$_allowed" "$_c")
-		if [ $? -ne 0 ]; then
+		if [ -z "${_c:-}" ]; then
 			return 1
+		elif [ X"${_c}" = X% ]; then
+			_out=$_out%
+		else
+			eval "_out=$_out\$_token_${_c}" || return 1
 		fi
-		_out=$_out$_t
 
 		_s=${_s#$_c}
 	done
 	_out=$_out$_s
 
+	eval "$_cleanup"
+
 	echo "$_out"
 }
 
@@ -136,20 +133,20 @@ main_issue()
 	read -r serial <"$PATH_CA_SERIAL"
 
 	ca_comment=$(get_ca_sk_comment_from_pk "$PATH_CA_PUB")
-	_template_fmt_C=${ca_comment:-cassh}
+	: ${ca_comment:=cassh}
 	find "$PATH_PUBKEYS_DIR/" -type f -name '*.pub' ! -name '*-cert.pub' | {
 		while read -r pk; do
 			pkname=${pk%.pub}
 			pkname=${pkname#$PATH_PUBKEYS_DIR/}
-			_template_fmt_f=$pkname
 
-			id=$(template Cf "$key_id_fmt")
+			id=$(format "$key_id_fmt" C "$ca_comment" f "$pkname")
 			set -- -I "$id" -Us "$PATH_CA_PUB" \
 			    $hflag $qflag $vflag \
 			    -V "$validity_interval" -z "$serial"
 
 			if $nflag; then
-				principals=$(template f "$principals_fmt")
+				principals=$(format "$principals_fmt" \
+				    f "$pkname")
 				ssh-keygen "$@" -n "$principals" "$pk"
 			else
 				ssh-keygen "$@" "$pk"